Merge branch 'devel'

.github/workflows/rubyonrails.yml

@@ -1,6 +1,6 @@
 # Redmine plugin for OAuth
 #
-# Copyright © 2011-22 Karel Pičman <[email protected]>
+# Karel Pičman <[email protected]>
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License

.rubocop.yml

@@ -1,6 +1,6 @@
 # Redmine plugin for OAuth
 #
-# Copyright © 2011-22 Karel Pičman <[email protected]>
+# Karel Pičman <[email protected]>
 #
 # This program is free software; you can redistribute it and/or
 # modify it under the terms of the GNU General Public License

CHANGELOG.md

@@ -1,6 +1,17 @@
 Changelog for Redmine OAuth
 ==========================
 
+2.1.4 *2024-01-12*
+------------------
+
+    Autologin
+    Google OAuth provider
+    Keycloak OAuth provider
+
+
+* New: #22 - About feature requests and providers enhancement
+* New: #21 - Autologin enhancement
+
 2.1.3 *2023-11-20*
 ------------------
 

README.md

@@ -1,4 +1,4 @@
-## Redmine OAuth plugin 2.1.3
+## Redmine OAuth plugin 2.1.4
 
 [![GitHub CI](https://github.com/kontron/redmine_oauth/actions/workflows/rubyonrails.yml/badge.svg?branch=main)](https://github.com/kontron/redmine_oauth/actions/workflows/rubyonrails.yml)
 [![Support Ukraine Badge](https://bit.ly/support-ukraine-now)](https://github.com/support-ukraine/support-ukraine)
@@ -13,8 +13,10 @@ Inspired by Gucin's plugin https://github.com/Gucin/redmine_omniauth_azure.
 
 Supported OAuth providers:
 * Azure AD (https://azure.microsoft.com)
-* Otka (https://www.okta.com)
 * GitLab (https://about.gitlab.com)
+* Google (https://google.com)
+* Keycloak (https://www.keycloak.org)
+* Otka (https://www.okta.com)
 
 ### Installation:
 
@@ -54,7 +56,16 @@ Open _Administration -> Plugins_ in your Redmine and configure the plugin.
 
 **Client secret** xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
-**Tenant ID** xxxxxxxx-xxx-xxxx-xxxx-xxxxxxxxxxxx
+**Tenant ID / Realm** xxxxxxxx-xxx-xxxx-xxxx-xxxxxxxxxxxx
+
+---
+**Provider**  Google
+
+**Site**  https://accounts.google.com
+
+**Client ID** xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
+
+**Client secret** xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
 
 ### Tasks
 

app/controllers/redmine_oauth_controller.rb

@@ -27,6 +27,7 @@ class RedmineOauthController < AccountController
 
   def oauth
     session[:back_url] = params[:back_url]
+    session[:autologin] = params[:autologin]
     oauth_csrf_token = generate_csrf_token
     session[:oauth_csrf_token] = oauth_csrf_token
     case Setting.plugin_redmine_oauth[:oauth_name]
@@ -42,6 +43,18 @@ def oauth
         state: oauth_csrf_token,
         scope: 'read_user'
       )
+    when 'Google'
+      redirect_to oauth_client.auth_code.authorize_url(
+        redirect_uri: oauth_callback_url,
+        state: oauth_csrf_token,
+        scope: 'profile email'
+      )
+    when 'Keycloak'
+      redirect_to oauth_client.auth_code.authorize_url(
+        redirect_uri: oauth_callback_url,
+        state: oauth_csrf_token,
+        scope: 'openid email'
+      )
     when 'Okta'
       redirect_to oauth_client.auth_code.authorize_url(
         redirect_uri: oauth_callback_url,
@@ -72,6 +85,18 @@ def oauth_callback
       user_info = JSON.parse(userinfo_response.body)
       user_info['login'] = user_info['username']
       email = user_info['email']
+    when 'Google'
+      token = oauth_client.auth_code.get_token(params['code'], redirect_uri: oauth_callback_url)
+      userinfo_response = token.get('https://openidconnect.googleapis.com/v1/userinfo',
+                                    headers: { 'Accept' => 'application/json' })
+      user_info = JSON.parse(userinfo_response.body)
+      user_info['login'] = user_info['email']
+      email = user_info['email']
+    when 'Keycloak'
+      token = oauth_client.auth_code.get_token(params['code'], redirect_uri: oauth_callback_url)
+      user_info = JWT.decode(token.token, nil, false).first
+      user_info['login'] = user_info['preferred_username']
+      email = user_info['email']
     when 'Okta'
       token = oauth_client.auth_code.get_token(params['code'], redirect_uri: oauth_callback_url)
       userinfo_response = token.get(
@@ -98,6 +123,8 @@ def oauth_callback
   def try_to_login(email, info)
     params['back_url'] = session[:back_url]
     session.delete :back_url
+    params['autologin'] = session[:autologin]
+    session.delete :autologin
     user = User.joins(:email_addresses).where(email_addresses: { address: email }).first
     if user # Existing user
       if user.registered? # Registered
@@ -167,6 +194,22 @@ def oauth_client
           authorize_url: '/oauth/authorize',
           token_url: '/oauth/token'
         )
+      when 'Google'
+        OAuth2::Client.new(
+          Setting.plugin_redmine_oauth[:client_id],
+          Setting.plugin_redmine_oauth[:client_secret],
+          site: site,
+          authorize_url: '/o/oauth2/v2/auth',
+          token_url: 'https://oauth2.googleapis.com/token'
+        )
+      when 'Keycloak'
+        OAuth2::Client.new(
+          Setting.plugin_redmine_oauth[:client_id],
+          Setting.plugin_redmine_oauth[:client_secret],
+          site: site,
+          authorize_url: "/realms/#{Setting.plugin_redmine_oauth[:tenant_id]}/protocol/openid-connect/auth",
+          token_url: "/realms/#{Setting.plugin_redmine_oauth[:tenant_id]}/protocol/openid-connect/token"
+        )
       when 'Okta'
         OAuth2::Client.new(
           Setting.plugin_redmine_oauth[:client_id],

app/views/hooks/_view_account_login_bottom.html.erb

@@ -22,7 +22,7 @@
 
 <% if Setting.plugin_redmine_oauth[:button_icon] != 'none' %>
   <%= stylesheet_link_tag 'redmine_oauth', plugin: 'redmine_oauth' %>
-  <%= form_tag(oauth_path(back_url: back_url), method: :get) do %>
+  <%= form_tag(oauth_path(back_url: back_url), method: :get, id: 'oauth-login') do %>
     <%= back_url_hidden_field_tag %>
     <%= button_tag(name: 'login-oauth', tabindex: 6, id: 'login-oauth-submit', title: l(:oauth_login_with),
           style: "background: #{Setting.plugin_redmine_oauth[:button_color]}") do %>
@@ -31,3 +31,23 @@
     <% end %>
   <% end %>
 <% end %>
+
+<%= javascript_tag do %>
+  $('#autologin').change(function() {
+    let oauth_login_form = $("#oauth-login")
+    if(oauth_login_form && this.checked) {
+      $('<input>', {
+        type: 'hidden',
+        id: 'autologin',
+        name: 'autologin',
+        value: '1'
+      }).appendTo(oauth_login_form);
+    }
+    else{
+        let hidden_tag = $('input:hidden[name="autologin"]');
+        if(hidden_tag){
+          hidden_tag.remove();
+        }
+    }
+  });
+<% end %>

app/views/settings/_oauth_settings.html.erb

@@ -27,6 +27,8 @@
   <%= select_tag 'settings[oauth_name]', options_for_select([
       %w(Azure\ AD Azure\ AD),
       %w(GitLab GitLab),
+      %w(Google Google),
+      %w(Keycloak Keycloak),
       %w(Okta Okta),
       ["&nbsp;".html_safe, 'none']
     ], @settings[:oauth_name]), onchange: 'oauth_settings_visibility()' %>
@@ -74,7 +76,11 @@
       <%= text_field_tag 'settings[client_secret]', @settings[:client_secret], size: 40 %>
       <em class="info"><%= l(:oauth_client_secret_info) %></em>
     </p>
-    <p id="oauth_options_tenant">
+    <% if %w(GitLab Google).include?(@settings[:oauth_name]) %>
+      <p id="oauth_options_tenant" style="display: none">
+    <% else %>
+      <p id="oauth_options_tenant">
+    <% end %>
       <label><%= l(:oauth_tenant_id) %></label>
       <%= text_field_tag 'settings[tenant_id]', @settings[:tenant_id], size: 40 %>
       <em class="info"><%= l(:oauth_tenant_id_info) %></em>

assets/javascripts/redmine_oauth.js

@@ -62,15 +62,24 @@ function oauth_settings_visibility()
             div_oauth_options.find('#oauth_options_tenant').show();
             tenant_id.val("");
             break;
-        case 'Okta':
+        case 'GitLab':
             div_oauth_options.show();
-            div_oauth_options.find('#oauth_options_tenant').show();
-            tenant_id.val("default");
+            div_oauth_options.find('#oauth_options_tenant').hide();
             break;
-        case 'GitLab':
+        case 'Google':
             div_oauth_options.show();
             div_oauth_options.find('#oauth_options_tenant').hide();
             break;
+        case 'Keycloak':
+            div_oauth_options.show();
+            div_oauth_options.find('#oauth_options_tenant').show();
+            tenant_id.val("");
+            break;
+        case 'Okta':
+            div_oauth_options.show();
+            div_oauth_options.find('#oauth_options_tenant').show();
+            tenant_id.val("default");
+            break;
         default:
             break;
     }

config/locales/en.yml

@@ -32,7 +32,7 @@ en:
   oauth_client_id_info: Application (client) ID
   oauth_client_secret: Client secret
   oauth_client_secret_info: Application password
-  oauth_tenant_id: Tenant ID
+  oauth_tenant_id: Tenant ID / Realm
   oauth_tenant_id_info: Directory (tenant) ID
   oauth_button_info: Colour and icon (Awesome font class) of the OAuth login button (Empty for no button)
   oauth_login_button: Login button

init.rb

@@ -25,7 +25,7 @@
   name 'Redmine OAuth plugin'
   author 'Karel Pičman'
   description 'Redmine OAuth plugin'
-  version '2.1.3'
+  version '2.1.4'
   url 'https://github.com/kontron/redmine_oauth'
   author_url 'https://github.com/kontron/redmine_oauth/graphs/contributors'